Rajini Sivaram created KAFKA-9497:
-------------------------------------
Summary: Brokers start up even if SASL provider is not loaded and
throw NPE when clients connect
Key: KAFKA-9497
URL: https://issues.apache.org/jira/browse/KAFKA-9497
Project: Kafka
Issue Type: Bug
Affects Versions: 2.4.0, 1.1.1, 0.11.0.3, 0.10.2.2
Reporter: Rajini Sivaram
Assignee: Rajini Sivaram
Fix For: 2.5.0
Note: This is not a regression, this has been the behaviour since SASL was
first implemented in Kafka.
Sasl.createSaslServer and Sasl.createSaslClient may return null if a SASL
provider that works for the specified configs cannot be created. We don't
currently handle this case. As a result broker/client throws
NullPointerException if a provider has not been loaded. On the broker-side, we
allow brokers to start up successfully even if SASL provider for its enabled
mechanisms are not found. For SASL mechanisms PLAIN/SCRAM-xx/OAUTHBEARER, the
login module in Kafka loads the SASL providers. If the login module is
incorrectly configured, brokers startup and then fail client connections when
hitting NPE. Clients see disconnections during authentication as a result. It
is difficult to tell from the client or broker logs why the failure occurred.
We should fail during startup if SASL providers are not found and provide
better diagnostics for this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
